Rod Beckstrom cyber security speech at AFCEA 090225

DESCRIPTION

Speech given by Mr. Rod Beckstrom at the AFCEA conference in Washington, DC on 25 FEB 2009 on the topic of cyber security

This presentation is dedicated to the survivors and families of 9/11 and other acts of terrorism and violence worldwide.

9/11 Commission Report: “connecting the dots”

DNI NCTC DHS NCSC

Getting Our Heads Around Cybersecurity

Rod Beckstrom
Director
rod.beckstrom@dhs.gov

Black Hat

WIRED

Presenter’s Name June 17, 2003

Getting our heads around cyber

Image source: www.thepromiseofgod.net

Economics

Risk Mgt.

Internet Architecture

Strategy

Awareness

Dream State

Privacy

Resilience

Getting our heads around cyber

Awareness (Mapping & Inventory… where am I?)

Getting our heads around cyber

Dream State (what is the end state we seek?)

Getting our head around cyber

Strategy

What Game Are We Playing?

The Prisoner's Dilemma

The Prisoner's Dilemma

W/W

W/L

L/W

W/W

L/L

Iterated Prisoner's Dilemma

W/W

W/L

L/W

W/W

L/L

200 X

“The Evolution of Cooperation” Axelrod

E Pluribus Unum

Collaboration & Social Networking

Getting our heads around cyber

Economics

Economics of Networks

What is the value of a network?

How much should be spent to defend it?

Fundamental Questions

Economics of Networks

The value of a network is equal to the summation of the net present value to each user, calculated as the benefit value of all transactions minus the costs, from the standpoint of each user, over any time period.

New Network Valuation Model

Economics of Networks

NPV = ΣB - ΣC

Where:
NPV = net present value of all transactions
B = the benefit value of all transactions
C = the cost of transactions

Value to the Individual

Book Purchase Example

B = Cost of buying book at store $26

C = Cost of buying online and shipping - 16

NPV = = 10

NPV = ΣB - ΣC

Economics of Networks

$$\sum_{i=1}^{n} NPV(V_{i,j}) = \sum_{k=1}^{n} \frac{B_{i,k}}{(1+r_k)^{t_k}} - \sum_{l=1}^{n} \frac{C_{i,l}}{(1+r_l)^{t_l}}$$

Where:

$NPV(V_{i,j})$ = net present value of all transactions 1 through n to individual i with respect to network j

$j$ = identifies one network or network system

$i$ = one user of the network

$B_{i,k}$ = the benefit value of transaction k to the individual i

$C_{i,l}$ = the cost of transaction l to individual i

$r_k$ and $r_l$ = the discount rate of interest to the time of transaction k or l

$t_k$ or $t_l$ = the elapsed time in years to transaction k or l

Getting our heads around cyber

Economics

Risk Mgt.

Economics of Security

Basic Model: NPV = ΣB - ΣC

Security Model: NPV = ΣB - ΣC’ - ΣSI - ΣL

Where:
SI = Security Investments
L = Losses

Economics of Security

Minimize Security Costs = Σ SI + Σ L

The Economic Risk Management Function

Economics of Security

[Chart: Loss $ versus Security Investment $]
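
Added example (not part of the original slides): a Python version of the network valuation formula and the economic risk management function above. The exponential loss curve, its parameters and the sample users are assumptions constructed for illustration; the slides give no loss function.

```python
import math

def npv_user(benefits, costs):
    """NPV(V_ij) for one user i: discounted benefits minus discounted costs.

    Each entry is (amount, rate, years), i.e. (B_ik, r_k, t_k) or (C_il, r_l, t_l).
    """
    def discounted(items):
        return sum(amount / (1 + rate) ** years for amount, rate, years in items)
    return discounted(benefits) - discounted(costs)

def network_value(users):
    """Value of network j: sum of NPV(V_ij) over every user i."""
    return sum(npv_user(u["B"], u["C"]) for u in users)

def security_npv(b, c_prime, si, losses):
    """Security model from the slides: NPV = sum(B) - sum(C') - sum(SI) - sum(L)."""
    return sum(b) - sum(c_prime) - sum(si) - sum(losses)

def expected_loss(si, base_loss, scale):
    """ASSUMED loss curve (not from the slides): L falls exponentially with SI."""
    return base_loss * math.exp(-si / scale)

def optimal_investment(base_loss, scale, max_si, step=1.0):
    """Grid-search the SI that minimizes total security cost SI + L(SI)."""
    candidates = [i * step for i in range(int(max_si / step) + 1)]
    best = min(candidates, key=lambda si: si + expected_loss(si, base_loss, scale))
    return best, best + expected_loss(best, base_loss, scale)

# Constructed sample data: two users of one network.
USERS = [
    {"B": [(26.0, 0.0, 0.0)], "C": [(16.0, 0.0, 0.0)]},    # the book purchase
    {"B": [(110.0, 0.10, 1.0)], "C": [(50.0, 0.0, 0.0)]},  # benefit arrives in one year
]

if __name__ == "__main__":
    print("network value:", round(network_value(USERS), 2))
    print("security NPV:", security_npv([1000], [400], [230], [100]))
    si, total = optimal_investment(base_loss=1000.0, scale=100.0, max_si=1000.0)
    print("optimal SI:", si, "total security cost:", round(total, 2))
```

Past the minimum, each extra dollar of security investment removes less than a dollar of expected loss, so total security cost rises again.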

Hacker Economics

NPV = ΣB - ΣC’ - ΣSI - ΣL

Your Loss Is the Hacker’s Gain

NPV = ΣB - ΣC’ - ΣSI - ΣL

Economics of deterrence

NPV = ΣB - ΣC’ - ΣSI - ΣL

Minimize the Hacker’s Gain

Supply Chain Solution

NPV = ΣB - ΣC’ - ΣSI - ΣL

1) Reward Good Guys: Pay large fees to anyone who finds malicious code

NPV = ΣB - ΣC’ - ΣSI - ΣL

2) Punish Bad Guys: Levy large fines on companies with bad products

Getting our heads around cyber

Internet Architecture

Economics of Protocols

Better Protocols Drive Loss Function Down

[Chart: Loss $ versus Security Investment $]

IPv6, DNS-SEC, BGP-SEC,

SMTP, SMS/IP, POTS …

Protocol Investments

Getting our heads around cyber

Resilience

Correlation of Losses

Correlations of losses due to IP failure ($L_{IP}$) are trending towards 1.0

Getting our heads around cyber

Privacy

Getting our heads around cyber

rod.beckstrom@dhs.gov

Economics

Risk Mgt.

Network Architecture

Strategy

Awareness

Networked Intelligence

Dream State

Privacy